Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Information Disclosure

This page lists 612 vulnerabilities in this category.

Critical: 3 High: 393 Medium: 134 Low: 72 Information: 10
Vulnerability Name
CVE
CWE
Severity
GlassFish admin console weak credentials
-
CWE-693
High
Devise weak password
-
CWE-200
High
Apache Axis2 administration console weak password
-
CWE-200
High
Configuration file source code disclosure
-
CWE-538
High
web.xml configuration file disclosure
-
CWE-538
High
Configuration file disclosure
-
CWE-538
High
Macromedia Dreamweaver remote database scripts
CVE-2004-1893
CWE-200
High
Apache OFBiz Log4Shell RCE
CVE-2021-44228
CWE-78
High
[Possible] Backup Source Code Detected
-
CWE-538
High
Struts2 Development Mode Enabled
-
CWE-16
High
Delve Debugger Unauthorized Access Vulnerability
-
CWE-200
High
Apache Tomcat version older than 7.0.21
CVE-2011-3190
CWE-264
High
Apache solr service exposed
-
CWE-200
High
Core dump file
-
CWE-200
High
Arbitrary local file read via file upload
-
CWE-200
High
Dragonfly Arbitrary File Read/Write (CVE-2021-33564)
CVE-2021-33564
CWE-20
High
GoCD information disclosure (CVE-2021-43287)
CVE-2021-43287
CWE-200
High
Laravel Terminal open
-
CWE-200
High
Possible database backup
-
CWE-538
High
Oracle E-Business Suite Information Disclosure
-
CWE-200
High
Adobe ColdFusion directory traversal
CVE-2013-3336
CWE-22
High
ASP.NET application-level tracing enabled
-
CWE-215
Medium
Frontpage authors.pwd available
-
CWE-538
Medium
WordPress username enumeration
-
CWE-200
Medium
apc.php page found
-
CWE-538
Medium
PHP curl_exec() url is controlled by user
CVE-2009-0037
CWE-352
Medium
Webalizer script
-
CWE-538
Medium
Jenkins dashboard
-
CWE-200
Medium
JBoss status servlet information leak
CVE-2010-1429
CWE-200
Medium
Source Code Disclosure
-
CWE-538
Medium
SQLite Database File Found
-
CWE-538
Medium
PHPinfo pages
-
CWE-200
Medium
Django Debug Mode Enabled
-
CWE-200
Medium
Sensitive Data Exposure
-
CWE-200
Medium
Chrome Logger information disclosure
-
CWE-200
Medium
Directory listings
-
CWE-538
Medium
CVS Detected
-
CWE-527
Medium
Tornado debug mode
-
CWE-489
Medium
Global.asa backup file found
-
CWE-538
Medium
[Possible] AWStats Detected
-
CWE-538
Medium
Apache Server-Status Detected
-
CWE-200
Medium
Apache Server-Info Detected
-
CWE-200
Medium
Apache httpOnly cookie disclosure
CVE-2012-0053
CWE-264
Medium
WordPress database credentials disclosure
-
CWE-538
Medium
Yii debug mode enabled
-
CWE-16
Medium
JetBrains .idea project directory
-
CWE-538
Medium
Development configuration files
-
CWE-538
Medium
ASP.NET CustomErrors Is Disabled
-
CWE-12
Medium
Apache Axis2 information disclosure
-
CWE-200
Medium
Apache Tomcat examples directory vulnerabilities
-
CWE-264
Medium
Arbitrary file existence disclosure in Action Pack
CVE-2014-7829
CWE-200
Medium
Drupal Views module information disclosure vulnerability
-
CWE-200
Medium
Symfony web debug toolbar
-
CWE-489
Medium
Apache Tomcat sample files
-
CWE-538
Medium
Spring Boot Actuator v2
-
CWE-489
Medium
MongoDB HTTP status interface
-
CWE-200
Medium
Grails database console
-
CWE-200
Medium
Password found in server response
-
CWE-312
Medium
Spring Boot Actuator
-
CWE-489
Medium
Core dump checker PHP script
-
CWE-200
Medium
Virtual host directory listing
-
CWE-538
Medium
[Possible] Database Connection String Detected
-
CWE-200
Medium
Amazon S3 public bucket
-
CWE-264
Medium
ASP.NET diagnostic page
-
CWE-200
Medium
Full public read access Azure blob storage
-
CWE-264
Medium
SharePoint exposed web services
-
CWE-200
Medium
Insecure transition from HTTP to HTTPS in form post
-
CWE-200
Medium
[Possible] Password Transmitted over Query String
-
CWE-200
Medium
Rails controller possible sensitive information disclosure
-
CWE-200
Medium
WordPress pingback scanner
CVE-2013-0235
CWE-918
Medium
WebDAV directory listing
-
CWE-538
Medium
Oracle applications logs publicy available
-
CWE-200
Medium
Apache perl-status enabled
-
CWE-200
Medium
W3 total cache debug mode
-
CWE-489
Medium
Unprotected JSON file leaking secrets
-
CWE-200
Medium